17.1 Analyzing Threats Your Application Faces with the Threat Analysis & Modeling Tool
One of the key processes required for effective security is that of risk management, which, in brief, requires at least the ability to analyze and model risk. Threat analysis and modeling can be seen as a precursor to risk analysis and modeling. This process tries to address some rather primitive problems, such as:
How do you define security requirements formally and in a structured manner?
How do you define, implement, and test a sound security strategy throughout the entire development lifecycle and beyond?
How do you approach solving these large problems? What processes should you follow, and what tools should you use along the way?
Microsoft’s Threat Analysis & Modeling (TAM) tool, developed by its Application Consulting & Engineering (ACE) team, helps teams build a picture of threats their systems may face and assists those teams in defining strategies for dealing with security issues. The tool and its associated processes are built around the roles and responsibilities of various groups involved in the development of software applications. TAM also aids in collectively increasing the security awareness of your team and customers.
Microsoft’s ACE team is chartered with empowering various application development teams around Microsoft to develop and maintain more secure software, and it is responsible for developing, deploying, and refining security training, tools, and processes.
Microsoft Threat ... |
---|
Get Windows Developer Power Tools now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.